Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

About cluster configuration

Lockie
Engager
yesterday

Hello everyone, I have a question for you. In a single-site cluster, how can I configure license-manage to be a separate node (this node will not have other cluster roles except license-manage), I see that cluster-config does not have a corresponding mode.
==>edit cluster-config -mode manager|peer|searchhead -<parameter_name> <parameter_value>

If it is MC, how should I configure it?

It would be even better if best practices could be provided

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

isoutamo
SplunkTrust
SplunkTrust
yesterday

As usual this depends on your environment how you should do it. 

Personally I prefer separate LM if you have distributed environment and especially if you have several clusters etc. I also avoid to use any CM as LM. You could easily run LM as virtual node and it doesn't need almost any resources (2-4vCPU, 2-4GB memory etc.) Of course if you have lot of indexers then it should be bigger.

Just configure it as an individual node and/or node which send its internal logs into some indexers/cluster (I prefer this). Usually I do this with conf files not with those commands. There is no need to configure it as a search head in cluster. Especially if you have MC on another node where you check license status. If you haven't and you have forwarded internal logs into cluster then just add it as an individual SH should installed into cluster environment. 

r. Ismo

Probably most important thing is that its general stanza's pass4symmKey is same than all those nodes which are connected to it (or at least that was earlier required). 

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

isoutamo
SplunkTrust
SplunkTrust
yesterday

As usual this depends on your environment how you should do it. 

Personally I prefer separate LM if you have distributed environment and especially if you have several clusters etc. I also avoid to use any CM as LM. You could easily run LM as virtual node and it doesn't need almost any resources (2-4vCPU, 2-4GB memory etc.) Of course if you have lot of indexers then it should be bigger.

Just configure it as an individual node and/or node which send its internal logs into some indexers/cluster (I prefer this). Usually I do this with conf files not with those commands. There is no need to configure it as a search head in cluster. Especially if you have MC on another node where you check license status. If you haven't and you have forwarded internal logs into cluster then just add it as an individual SH should installed into cluster environment. 

r. Ismo

Probably most important thing is that its general stanza's pass4symmKey is same than all those nodes which are connected to it (or at least that was earlier required). 

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
yesterday

Hi @Lockie ,

at first you don't need a dedicated server to License Manager, you can use the Cluster Manager (better) or the Monitoring Console.

Anyway, there's no relations between the cluster roles and the License manager: you have only to configure the cluster componente to use the LM.

In other words, in each Search Peer and in the CM, you have to configure the License Manager, manually or deploying an Add-On (on the Search Pers by CM and on the CM by Deployment Server).

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

Lockie
Engager
yesterday

Thank you for your reply. I understand. I tried to do this today but couldn't find a way. Is there a way to separate the license-manager? If the software itself does not support it, I won't bother with it.

In addition, please tell me how to separate the mc and how to configure it

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
yesterday

Hi @Lockie ,

good for you, see next time!

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated by all the contributors 😉

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
yesterday

Hi @Lockie ,

the LM is a Splunk instance and all the Splunk Servers that need a licence point to it.

the Servers that need to point to the LM are IDXs, SHs, CM, MC, SHC_D, and  HFs, UFs don't need a connection.

You can configurethis link manually by GUI or creating an add-on to deploy using the CM on the IDXs, the SHC-D for the SHs and the DS for the other roles,

Ciao.

Giuseppe

 

0 Karma
Reply
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Deprecation of Splunk Observability Kubernetes “Classic Navigator” UI starting ...

Access to Splunk Observability Kubernetes “Classic Navigator” UI will no longer be available starting January ...

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

At .conf24, we shared that we were in the process of integrating Cisco Talos threat intelligence into Splunk ...